PT-2025-16702 · Linux+7 · Linux Kernel+7
Syzbot
·
Published
2025-04-02
·
Updated
2026-05-26
·
CVE-2025-22062
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.14.0
Description
A vulnerability in the Linux kernel has been resolved by adding mutual exclusion in proc sctp do udp port(). The issue occurred because calls to sctp udp sock stop() and sctp udp sock start() were not serialized, which could lead to a crash. This was reported by syzbot, which encountered a general protection fault, likely due to a non-canonical address. The vulnerability could cause a null pointer dereference.
Recommendations
For Linux kernel versions prior to 6.14.0, update to version 6.14.0 or later to resolve the issue. As a temporary workaround, consider disabling the
sctp udp sock stop() and sctp udp sock start() functions until a patch is available. Restrict access to the vulnerable proc sctp do udp port() function to minimize the risk of exploitation.Exploit
Fix
DoS
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu